Tagged: Apple

Jeremiah Grossman recently posted an article explaining how the Safari browser (versions 4 & 5) auto-populates a user’s first name, last name, work place, city, state, and email address by default. All an attacker would have to do to get this information from unsuspecting Safari users is to create simple web form (probably hidden from the user via CSS) and use JavaScript to simulate keystrokes. Once the fields are populated it is easy for an attacker to retrieve it. Someone has even taken the liberty of writing the proof-of-concept code to demonstrate that this actually works.

Related Posts:

The Associated Press reports that iPhone users can now legally jailbreak their phones. This will still violate Apple’s terms of service, but it won’t break the 1998 federal law that prohibits people from bypassing technical measures that companies put on their products to prevent unauthorized use of copyright-protected material. Some additional exemptions to the law are as follows: